| |
| |||||||
Log-Analyse und Auswertung: Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.01.2012, 18:33
| #1 |
 |  Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" Hallo miteinander, vielen dank schonmal im vorraus für jegliche hilfe! Seit ein paar wochen ließ sich firefox nichtmehr updaten (laden dauerte einfach immer ewig und nichts geschah), ich hatte aber auch schon version 9.0 und fand es deshalb nicht so wichtig. Am sonntag zeigte mein laptop die nachricht "Achtung! Aus Sicherheitsgründen wurde ihr System blockiert." Ich glaube mein Bild war folgende version: hxxp://blog.teesupport.com/wp-content/uploads/2011/12/Achtung-Aus-Sicherheitsgr%C3%BCnden-wurde-Ihr-Windowssystem-blockiert-scam.bmp Ich bin mir aber nicht mehr 100prozentig sicher ob es genau das bild war. Ich habe dann zunächst die allerwichtigsten dateien gerettet, mit einer ubuntu live-cd. Als antivirenprogramm habe ich avira, das hatte nichts gemeldet. Ein scan mit Malwarebytes zeigte 2 treffer und folgendes log: Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.15.01 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Stefan :: STEFAN-MSI [Administrator] 15.01.2012 16:52:27 mbam-log-2012-01-15 (18-17-31).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 481837 Laufzeit: 1 Stunde(n), 23 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Keine Aktion durchgeführt. Infizierte Dateien: 1 C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Keine Aktion durchgeführt. (Ende) Ich habe die namen der viren nicht in den titel aufgenommen, da ich fürchtete das das noch ganz andere waren. Danach probierte ich die systemwiederherstellung, diese misslang. Firefox musste ich neu installieren, es ließ sich nicht mehr starten. Sonntag und montag habe ich dann erstmal nichts weiter unternommen, musste aber dennoch am laptop arbeiten, während dieser Zeit traten bis heute keine Symptome auf. Heute hab ich dann nochmal eine systemwiederherstellung aus dem abgesicherten modus probiert, das hat geklappt, habe dort auf den 13.01., also 2 tage vor dem ereignis zurückgesetzt. Mein System ist windows 7- 64 Bit. Ich benutze avira (die freie version) und firefox, bis auf firefox (siehe oben) müsste alles ziemlich up to date gewesen sein, (jetzt sowieso), allerdings war der acrobat-reader wahrscheinlich schon etwas älter. Ich habe jetzt den "defogger" ausgeführt und auch dieses "OTL". Hier die logfiles: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:57 on 17/01/2012 (Stefan)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 1/17/2012 6:26:07 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Stefan\Desktop\virus
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.79 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 63.41% Memory free
7.59 Gb Paging File | 5.95 Gb Available in Paging File | 78.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 179.11 Gb Free Space | 65.51% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 156.23 Gb Free Space | 86.66% Space Free | Partition Type: NTFS
Drive F: | 14.63 Gb Total Space | 14.56 Gb Free Space | 99.48% Space Free | Partition Type: FAT32
Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64798798-D0C8-4246-56FB-5C5D8A61615C}" = ATI Catalyst Install Manager
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8725474-37EF-7FCE-DB35-D2CCE7A4C462}" = ccc-utility64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Motorola Bluetooth_is1" = Motorola Bluetooth
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install
"{08DE5112-C279-F317-EB93-4D30708A3AE4}" = CCC Help Czech
"{11742D23-0668-5AA8-19FA-8F88FADC1ABE}" = Catalyst Control Center Graphics Light
"{1AFF250C-F408-DBBA-ECBE-33467D3F76BC}" = CCC Help Chinese Standard
"{1B33B869-A7B8-3F7B-CB3D-54D1A2A16B37}" = Catalyst Control Center Graphics Previews Vista
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{27BA485D-529E-F94D-C8C5-499547E6493A}" = CCC Help Danish
"{2D2E4682-3B5C-5A3C-1379-F497BCC8B55C}" = CCC Help Chinese Traditional
"{32BB5A09-D930-EB57-737D-7B0BAD29D5D2}" = CCC Help Japanese
"{359E7E50-5ED2-466A-88A6-C36F8AB59018}" = MATLAB(R) Compiler Runtime 7.8
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3D735073-A39C-F5B4-5A9F-CC8B5177251D}" = CCC Help Hungarian
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{488CC14B-15FC-AFFB-F8E4-72B97F7A7C00}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52EC4C05-0290-D8DB-948E-4BE0C8FE5F4D}" = CCC Help Norwegian
"{53128B2F-8A2B-5FC7-B735-3826B294BE7D}" = Catalyst Control Center Graphics Full New
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5833B2D1-B2C1-2819-1EA5-EE23C772DF01}" = CCC Help English
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C48CA5-C5D3-2E46-06A4-1A06791A20AB}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{679A64E7-14CD-FF36-1470-9DED77603F7B}" = CCC Help Russian
"{6BC27278-28F6-D98A-587C-591FD8DDDC4C}" = PowerXpressHybrid
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74B5512F-E710-8F87-4597-B126F54BD6D1}" = CCC Help Thai
"{7703D8FE-8C98-8CD9-A946-475DC6BBA04C}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B034E4B-A41A-7B9F-9820-C58C4CC99716}" = Catalyst Control Center Core Implementation
"{7D73203D-5854-3B87-25A7-9025829EB076}" = CCC Help Finnish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD960B-2ECC-595C-F934-543061F10F2B}" = CCC Help Italian
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92683FBF-ADB3-F0BF-E652-35D11FE190DE}" = PX Profile Update
"{92942F31-C642-7839-BA61-CC5E1DD9397D}" = CCC Help Swedish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5F481DE-A5D2-725F-A0F3-1E663272D198}" = PX Profile Update
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{BA659DC5-F577-4364-903D-20C16DD4BDB3}" = Catalyst Control Center - Branding
"{C5D7039E-0803-4FE8-976D-156DE1147E4F}" = ArcSoft Print Creations
"{C85F4BE3-0725-1D9C-50D7-27A5F8CBE6EF}" = CCC Help Greek
"{CA659543-232D-9B74-7058-A8C2DDA16405}" = ccc-core-static
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CD0A677F-D3BB-1187-1669-AE2960659370}" = Catalyst Control Center Localization All
"{CF83661A-F6FC-39A7-9552-B86E1239CC40}" = CCC Help Turkish
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D850DA0F-468D-9BCE-D601-A41D294F1BD8}" = Catalyst Control Center InstallProxy
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E81E7CD7-74D6-E355-F19A-427F1B2EE3BF}" = Catalyst Control Center Graphics Full Existing
"{EBC48194-90E6-EBA1-0DD6-9466095E1CAF}" = CCC Help French
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EF5B8746-E00C-6306-879E-05444A6839C9}" = CCC Help Portuguese
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C60A5C-7666-FF75-630F-A136B5FAD451}" = Catalyst Control Center InstallProxy
"{FC09D493-A649-E880-A505-DEAA304E1A8D}" = CCC Help German
"{FC8CF7E1-5722-9952-2A56-8C28E2D17A42}" = CCC Help Dutch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.0.9
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"MediaProSoft Free Video to AVI MPEG Converter_is1" = MediaProSoft Free Video to AVI MPEG Converter 6.5.2
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"SopCast" = SopCast 3.4.0
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/17/2012 6:44:23 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 1/17/2012 6:45:36 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 1/17/2012 6:45:36 AM | Computer Name = Stefan-msi | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 1/17/2012 6:59:16 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4a5be106 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feebb40917
ID
des fehlerhaften Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0x01ccd504f2bb8217
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: WMNetMgr.dll Berichtskennung: 4b7dcfdd-40fa-11e1-a05e-8773b4fb38b3
Error - 1/17/2012 7:14:46 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4a5be106 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feef660917
ID
des fehlerhaften Prozesses: 0x164 Startzeit der fehlerhaften Anwendung: 0x01ccd5071fb899b0
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: WMNetMgr.dll Berichtskennung: 76519c6f-40fc-11e1-a05e-8773b4fb38b3
Error - 1/17/2012 7:30:18 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4a5be106 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feefb20917
ID
des fehlerhaften Prozesses: 0x490 Startzeit der fehlerhaften Anwendung: 0x01ccd5094a954004
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: WMNetMgr.dll Berichtskennung: a1d51d3f-40fe-11e1-a05e-8773b4fb38b3
Error - 1/17/2012 11:08:08 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4a5be106 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feecd80917
ID
des fehlerhaften Prozesses: 0x538 Startzeit der fehlerhaften Anwendung: 0x01ccd526d1df3d11
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: WMNetMgr.dll Berichtskennung: 0fd38975-411d-11e1-a22b-bd4bd947b9b3
Error - 1/17/2012 11:23:38 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4a5be106 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feecc20917
ID
des fehlerhaften Prozesses: 0xcf0 Startzeit der fehlerhaften Anwendung: 0x01ccd529e410f0a0
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: WMNetMgr.dll Berichtskennung: 3a7c8dc7-411f-11e1-a22b-829409eac0a0
Error - 1/17/2012 11:39:10 AM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4a5be106 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feecf40917
ID
des fehlerhaften Prozesses: 0x1024 Startzeit der fehlerhaften Anwendung: 0x01ccd52c0ebd5ff7
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: WMNetMgr.dll Berichtskennung: 660226f6-4121-11e1-a22b-829409eac0a0
Error - 1/17/2012 12:05:48 PM | Computer Name = Stefan-msi | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bd03d Name des fehlerhaften Moduls: WMNetMgr.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4a5be106 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007feed0e0917
ID
des fehlerhaften Prozesses: 0xe30 Startzeit der fehlerhaften Anwendung: 0x01ccd52fc7815db0
Pfad
der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: WMNetMgr.dll Berichtskennung: 1e7c9892-4125-11e1-a22b-829409eac0a0
[ OSession Events ]
Error - 4/2/2011 9:21:24 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 36 seconds with 0 seconds of active time. This session ended with a crash.
Error - 4/2/2011 10:09:54 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2905 seconds with 1860 seconds of active time. This session ended with a
crash.
Error - 4/2/2011 10:27:01 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1015 seconds with 780 seconds of active time. This session ended with a
crash.
Error - 4/12/2011 3:29:47 AM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 588 seconds with 540 seconds of active time. This session ended with a crash.
Error - 10/14/2011 12:54:13 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 960
seconds with 360 seconds of active time. This session ended with a crash.
Error - 10/14/2011 3:29:26 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32
seconds with 0 seconds of active time. This session ended with a crash.
Error - 10/14/2011 3:40:03 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 507
seconds with 240 seconds of active time. This session ended with a crash.
Error - 1/15/2012 3:58:59 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 2065 seconds with 1020 seconds of active time. This session ended with a
crash.
Error - 1/15/2012 4:03:09 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 241 seconds with 120 seconds of active time. This session ended with a crash.
Error - 1/15/2012 4:09:55 PM | Computer Name = Stefan-msi | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 21 seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 1/17/2012 5:53:27 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
%%183
Error - 1/17/2012 5:53:27 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7005
Description = Der Aufruf "LoadUserProfile" ist aufgrund folgenden Fehlers fehlgeschlagen:
%%183
Error - 1/17/2012 6:28:56 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 1/17/2012 6:59:16 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 1/17/2012 7:14:46 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 1/17/2012 7:30:18 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 3 Mal passiert.
Error - 1/17/2012 11:08:08 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 1/17/2012 11:23:38 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 1/17/2012 11:39:10 AM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 3 Mal passiert.
Error - 1/17/2012 12:05:48 PM | Computer Name = Stefan-msi | Source = Service Control Manager | ID = 7034
Description = Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 4 Mal passiert.
< End of report >
OTL: (diese erschien bei mir nach dem "quickscan" wie in der anleitung gefordert) OTL Logfile: Code:
ATTFilter OTL logfile created on: 1/17/2012 6:10:00 PM - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Stefan\Desktop\virus 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.79 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 68.01% Memory free 7.59 Gb Paging File | 6.07 Gb Available in Paging File | 80.01% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 273.40 Gb Total Space | 179.16 Gb Free Space | 65.53% Space Free | Partition Type: NTFS Drive D: | 180.26 Gb Total Space | 156.23 Gb Free Space | 86.66% Space Free | Partition Type: NTFS Computer Name: STEFAN-MSI | User Name: Stefan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Stefan\Desktop\virus\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) PRC - C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security) PRC - C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.) SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.) SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.) SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.) SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (Micro Star SCM) -- C:\Program Files (x86)\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (BTMHID) -- C:\Windows\SysNative\drivers\btmhid.sys (Motorola, Inc.) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys () DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (smserial) -- C:\Windows\SysNative\drivers\SmSerl64.sys (Motorola Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://msi.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://msi.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Programme\DivX\DivX Plus Web Player\firefox\html5video FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Programme\DivX\DivX Plus Web Player\firefox\wpa FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\components [2012/01/17 11:26:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\plugins [2011/09/20 17:13:50 | 000,000,000 | ---D | M] [2010/08/26 16:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Extensions [2011/09/13 20:33:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions [2011/06/01 18:24:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/04/06 18:00:55 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\otw7mp5f.default\extensions\support@predictad.com () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI () (No name found) -- C:\USERS\STEFAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OTW7MP5F.DEFAULT\EXTENSIONS\GMAILADSREMOVER@FLORIAN.BERSIER.XPI O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D96F9474-9768-4EC4-B81B-89ECBBC610DE}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell - "" = AutoRun O33 - MountPoints2\{d7eb6a15-2365-11e1-848f-93f71d7ce6ba}\Shell\AutoRun\command - "" = F:\LaunchU3.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^Users^Stefan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) MsConfig:64bit - StartUpReg: BTMTrayAgent - hkey= - key= - C:\windows\SysNative\rundll32.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/01/17 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\virus [2012/01/17 11:50:22 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Avira [2012/01/17 11:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/01/17 11:44:46 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avipbb.sys [2012/01/17 11:44:46 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avgntflt.sys [2012/01/17 11:44:46 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\windows\SysNative\drivers\avkmgr.sys [2012/01/17 11:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/01/17 11:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/01/17 11:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine [2012/01/17 11:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012/01/17 11:26:12 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll [2012/01/17 11:26:12 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll [2012/01/17 11:26:12 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcm80.dll [2012/01/17 11:26:12 | 000,043,992 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozutils.dll [2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\searchplugins [2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hyphenation [2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\extensions [2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\defaults [2012/01/17 11:26:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\components [2012/01/15 15:17:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012/01/15 15:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/15 15:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/11 22:10:32 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\graphpad [2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software [2012/01/11 20:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\GraphPad Software [2012/01/09 11:08:46 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\alte prüfungen [2012/01/01 12:36:09 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information [2012/01/01 12:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4800 series [2011/07/14 14:08:31 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_43.dll [2011/07/14 14:08:31 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_43.dll [2011/05/15 12:59:56 | 000,814,040 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll [2011/05/15 12:59:56 | 000,486,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll [2011/05/15 12:59:56 | 000,097,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll [2011/05/15 12:59:56 | 000,015,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll [2010/08/26 16:06:57 | 016,096,216 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll [2010/08/26 16:06:57 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe [2010/08/26 16:06:57 | 000,170,968 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll [2010/08/26 16:06:57 | 000,154,584 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll [2010/08/26 16:06:57 | 000,019,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll [2010/08/26 16:06:56 | 000,924,632 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe [2010/08/26 16:06:56 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll [2010/08/26 16:06:56 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll [2010/08/26 16:06:56 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll [2010/08/26 16:06:56 | 000,371,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll [2010/08/26 16:06:56 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll [2010/08/26 16:06:56 | 000,187,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll [2010/08/26 16:06:56 | 000,125,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe [2010/08/26 16:06:56 | 000,109,528 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll [2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll [2010/08/26 16:06:56 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll [2010/08/26 16:06:56 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll [2010/08/26 16:06:56 | 000,020,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll [2010/08/26 16:06:56 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll [2010/08/26 16:06:56 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/01/17 17:58:14 | 001,521,018 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/01/17 17:58:14 | 000,662,748 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/01/17 17:58:14 | 000,623,288 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/01/17 17:58:14 | 000,133,786 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/01/17 17:58:14 | 000,109,410 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/01/17 17:50:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/17 17:50:58 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/17 17:42:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/01/17 17:42:34 | 3055,693,824 | -HS- | M] () -- C:\hiberfil.sys [2012/01/17 11:57:41 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable [2012/01/17 11:45:07 | 000,001,964 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/01/17 11:26:49 | 000,000,928 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\softokn3.chk [2011/12/21 08:42:29 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\nssdbm3.chk [2011/12/21 08:42:28 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\mozjs.dll [2011/12/21 08:42:28 | 000,814,040 | ---- | M] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll [2011/12/21 08:42:28 | 000,000,478 | ---- | M] () -- C:\Program Files (x86)\freebl3.chk [2011/12/21 06:09:19 | 005,642,801 | ---- | M] () -- C:\Program Files (x86)\omni.jar [2011/12/21 06:09:19 | 000,002,723 | ---- | M] () -- C:\Program Files (x86)\precomplete [2011/12/21 06:09:15 | 000,000,701 | ---- | M] () -- C:\Program Files (x86)\updater.ini [2011/12/21 06:09:14 | 000,000,003 | ---- | M] () -- C:\Program Files (x86)\update.locale [2011/12/21 06:08:51 | 000,004,284 | ---- | M] () -- C:\Program Files (x86)\crashreporter.ini [2011/12/21 06:08:50 | 000,000,706 | ---- | M] () -- C:\Program Files (x86)\crashreporter-override.ini [2011/12/21 05:29:43 | 000,011,263 | ---- | M] () -- C:\Program Files (x86)\blocklist.xml [2011/12/21 05:29:42 | 000,002,153 | ---- | M] () -- C:\Program Files (x86)\application.ini [2011/12/21 05:29:42 | 000,000,141 | ---- | M] () -- C:\Program Files (x86)\platform.ini [2011/12/21 05:29:40 | 000,000,130 | ---- | M] () -- C:\Program Files (x86)\dependentlibs.list [2011/12/21 03:54:19 | 000,034,427 | ---- | M] () -- C:\Program Files (x86)\removed-files [2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] [1 C:\Users\Stefan\Desktop\*.tmp files -> C:\Users\Stefan\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/01/17 11:57:41 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable [2012/01/17 11:45:06 | 000,001,964 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/01/15 18:40:55 | 002,124,760 | ---- | C] () -- C:\Program Files (x86)\mozjs.dll [2011/07/14 14:08:31 | 000,002,723 | ---- | C] () -- C:\Program Files (x86)\precomplete [2011/05/15 12:59:56 | 005,642,801 | ---- | C] () -- C:\Program Files (x86)\omni.jar [2011/05/15 12:59:56 | 000,034,427 | ---- | C] () -- C:\Program Files (x86)\removed-files [2011/04/15 08:27:58 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin [2011/04/15 08:27:57 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2011/04/15 08:27:57 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin [2011/04/15 08:27:55 | 000,002,110 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/03/31 18:28:25 | 001,540,624 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll [2011/03/31 18:26:48 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll [2011/03/31 18:26:48 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll [2011/03/31 18:25:03 | 000,001,025 | ---- | C] () -- C:\windows\SysWow64\sysprs7.dll [2011/03/31 18:25:03 | 000,000,205 | ---- | C] () -- C:\windows\SysWow64\lsprst7.dll [2011/02/23 12:12:38 | 000,010,752 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/11/20 01:35:52 | 000,007,603 | ---- | C] () -- C:\Users\Stefan\AppData\Local\Resmon.ResmonCfg [2010/09/25 16:43:19 | 000,005,140 | ---- | C] () -- C:\Program Files (x86)\folders.cache [2010/09/03 10:49:52 | 000,029,104 | ---- | C] () -- C:\windows\scunin.dat [2010/08/26 16:06:58 | 000,000,701 | ---- | C] () -- C:\Program Files (x86)\updater.ini [2010/08/26 16:06:58 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale [2010/08/26 16:06:57 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk [2010/08/26 16:06:56 | 000,011,263 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml [2010/08/26 16:06:56 | 000,004,284 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini [2010/08/26 16:06:56 | 000,002,153 | ---- | C] () -- C:\Program Files (x86)\application.ini [2010/08/26 16:06:56 | 000,000,706 | ---- | C] () -- C:\Program Files (x86)\crashreporter-override.ini [2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk [2010/08/26 16:06:56 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk [2010/08/26 16:06:56 | 000,000,141 | ---- | C] () -- C:\Program Files (x86)\platform.ini [2010/08/26 16:06:56 | 000,000,130 | ---- | C] () -- C:\Program Files (x86)\dependentlibs.list [2010/03/17 20:41:22 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2010/03/17 20:38:40 | 000,001,018 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat [2010/03/17 19:18:17 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll [2010/03/17 19:18:17 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat ========== LOP Check ========== [2011/09/13 20:27:55 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Bandoo [2011/07/19 11:42:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox [2011/06/01 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft [2011/06/01 18:24:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers [2012/01/11 20:28:12 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GraphPad Software [2011/04/06 18:00:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MediaProSoft Free Video to AVI MPEG Converter [2011/08/01 13:55:21 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\My Games [2010/09/14 09:46:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\OpenOffice.org [2012/01/12 10:57:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Segment [2011/06/30 13:54:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TS3Client [2012/01/06 09:12:59 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010/08/26 13:27:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010/02/03 14:52:40 | 000,000,000 | -HSD | M] -- C:\Boot [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/09/15 21:29:45 | 000,000,000 | ---D | M] -- C:\fb850b3bbd8e18aa237f9d25 [2010/03/17 20:41:40 | 000,000,000 | ---D | M] -- C:\Intel [2010/03/17 20:44:55 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/01/16 14:51:56 | 000,000,000 | R--D | M] -- C:\Program Files [2012/01/17 11:44:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012/01/17 11:44:41 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012/01/17 18:11:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/10/18 19:31:54 | 000,000,000 | R--D | M] -- C:\Users [2012/01/17 10:53:21 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2011/12/21 08:42:28 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe [2011/12/21 08:42:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\firefox.exe [2011/12/21 08:42:29 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe [2011/12/21 08:42:29 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\updater.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\windows\SysNative\drivers\afd.sys [2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009/07/14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011/04/25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2010/03/18 00:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe [2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/03/18 00:49:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010/03/17 19:12:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010/03/17 19:12:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010/03/17 19:12:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010/03/18 00:49:16 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010/03/17 19:12:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2010/03/18 00:49:16 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\windows\SysNative\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > Über jedwede hilfe würde ich mich sehr freuen, vielen dank im vorraus! P.S.:Ich schreibe hier von einem mac aus und benutze zum transfer der logs immer meinen usb-stick, auf diesem hält sich auch nach dem löschen eine "autorun.inf", erstellt die ein (der) virus immer wieder neu, oder ist das normal? hab sie hier mal durchgecheckt: https://www.virustotal.com/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/ ... demnach war nichts auffällig, aber es wundert mich dass die datei immer wieder auftaucht. Avira blockt die datei regelmäßig, also nicht nur beim einstecken, so alle 5 min. Nochmal vielen dank für jeden der hier seine zeit opfert! Geändert von GutenTag (17.01.2012 um 19:05 Uhr) |
| Themen zu Meldung: "Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt" |
| 2.0.7, 64-bit, achtung!, autorun, avira, bho, browser, canon, converter, dateisystem, desktop, error, excel, fehler, firefox, flash player, helper, heuristiks/extra, heuristiks/shuriken, home, igdpmd64.sys, install.exe, microsoft office word, mozilla, mp3, office 2007, panda usb vaccine, plug-in, programm, realtek, registry, required, scan, security, security update, software, spyware.marketscore, spyware.onlinegames, studio, system, teamspeak, usb, usb 2.0, webcheck, windowssystem gesperrt, wurde ihr |
Baum-Darstellung